
3378 matches found

OPENSUSE Linux
added 2020/04/17 12:0 a.m. · 79 views

Security update for gnuhealth (moderate)

openSUSE Security Update: Security update for gnuhealth Announcement ID: openSUSE-SU-2020:0534-1 Rating: moderate References: 1167126 1167128 Affected Products: openSUSE Backports SLE-15-SP1 An update that contains security fixes can now be installed. Description: This update for gnuhealth fixes...

7.4 AI score
Exploits 0
Microsoft KB
added 2020/04/13 12:0 a.m. · 41 views

MS16-107: Description of the security update for Word Automation Services on SharePoint Server 2013: September 13, 2016

MS16-107: Description of the security update for Word Automation Services on SharePoint Server 2013: September 13, 2016 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more...

7.4 AI score
Exploits 0
OPENSUSE Linux
added 2020/04/12 12:0 a.m. · 65 views

Security update for permissions (moderate)

openSUSE Security Update: Security update for permissions Announcement ID: openSUSE-SU-2020:0511-1 Rating: moderate References: 1168364 Affected Products: openSUSE Leap 15.1 An update that contains security fixes can now be installed. Description: This update for permissions fixes the following...

7.3 AI score
Exploits 0
Veracode
added 2020/04/10 1:6 a.m. · 40 views

Arbitrary Code Execution

httpha-invoker is vulnerable to arbitrary code execution. The vulnerability exists as it was found that the invoker servlets, deployed by default via httpha-invoker, only performed access control on the HTTP GET and POST methods, allowing remote attackers to make unauthenticated requests by using...

6.8 CVSS · 1.6 AI score · 0.02953 EPSS
Exploits 3 · References 15 · Affected Software 47
Veracode
added 2020/04/10 1:1 a.m. · 28 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service (DoS). The vulnerability exists as a flaw was found in the transmit methods (xmit) for the loopback and InfiniBand transports in the Linux kernel's Reliable Datagram Sockets (RDS)...

4.9 CVSS · 2.9 AI score · 0.00485 EPSS
Exploits 1 · References 10 · Affected Software 1
Positive Technologies
added 2020/04/10 12:0 a.m. · 4 views

PT-2020-6938 · Jquery · Jquery

Name of the Vulnerable Software and Affected Versions: jQuery versions 2.2.0 through 3.5.0 Description: The issue is related to Cross Site Scripting vulnerability, which allows a remote attacker to execute arbitrary code via the element. Passing HTML containing elements from untrusted sources to...

6.9 CVSS · 6.5 AI score · 0.8383 EPSS
Exploits 6 · References 131
Microsoft KB
added 2020/04/09 12:0 a.m. · 5 views

Update to support the new currency symbol for the Russian ruble in Windows

Update to support the new currency symbol for the Russian ruble in Windows About this update After you apply this update, the new Russian ruble symbol can be input by using the physical keyboard, Windows on-screen keyboard (osk.exe), or Tablet PC Input Panel (Tabtip.exe) in Windows 8.1, Windows RT 8....

5.9 AI score
Exploits 0
Microsoft KB
added 2020/04/09 12:0 a.m. · 5 views

October 2016 Preview of Monthly Quality Rollup for Windows Server 2012

October 2016 Preview of Monthly Quality Rollup for Windows Server 2012 The October 2016 Preview of Monthly Quality Rollup includes improvements and fixes for the Windows Server 2012 platform. We recommend that you apply this quality rollup as part of your regular maintenance routines. Improvement...

6 AI score
Exploits 0
pentestit
added 2020/04/08 11:59 p.m. · 26 views

UPDATE: Empire 3.1.4

Empire 3.1.4 was released a couple of days ago! If you remember, I briefly mentioned this tool in my five month old post titled – List of Open Source C2 Post-Exploitation Frameworks. This version adds evasive methods to the HTTP payloads along with a few fixes. What is Empire? Empire 3...

1.4 AI score
Exploits 0
RedhatCVE
added 2020/04/07 11:33 a.m. · 31 views

CVE-2019-11762

A flaw was found in Mozilla's firefox and thunderbird where if two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This could cause an interaction between two...

6.1 CVSS · 2.7 AI score · 0.00609 EPSS
Exploits 0 · References 4
0day.today
added 2020/04/04 12:0 a.m. · 35 views

Nsauditor 3.2.0.0 - (Name) Denial of Service Exploit

Exploit Title: Nsauditor 3.2.0.0 - 'Name' Denial of Service PoC Discovery by: 0xMoHassan Date: 2020-04-04 Vendor Homepage: http://www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/nsauditorsetup.exe Tested Version: 3.2.0.0 Vulnerability Type: Denial of Service DoS Local Tested o...

7.4 AI score
Exploits 0
RedHat Linux
added 2020/03/31 7:10 p.m. · 4 views

python-twisted: Improper neutralization of CRLF characters in URIs and HTTP methods

In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF...

6.1 CVSS · 7.4 AI score · 0.02535 EPSS
Exploits 1 · References 4
OPENSUSE Linux
added 2020/03/31 12:0 a.m. · 77 views

Security update for GraphicsMagick (moderate)

openSUSE Security Update: Security update for GraphicsMagick Announcement ID: openSUSE-SU-2020:0429-1 Rating: moderate References: 1167208 1167623 Cross-References: CVE-2019-12921 CVE-2020-10938 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes two vulnerabilities is now...

9.8 CVSS · 8.9 AI score · 0.08005 EPSS
Exploits 0 · References 2
Veracode
added 2020/03/30 6:1 a.m. · 10 views

Cross-Site Request Forgery (CSRF)

spring-security-web is vulnerable to cross-site request forgery (CSRF). A remote attacker is able to submit requests to the SwitchUserFilter on behalf of the authenticated user by tricking the user into visiting a malicious web page. This vulnerability exists as the application accepts all HTTP...

1.1 AI score
Exploits 0
RedHat Linux
added 2020/03/26 3:46 p.m. · 1 views

infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods

A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the...

8.8 CVSS · 5.7 AI score · 0.03089 EPSS
Exploits 0 · References 4
OpenVAS
added 2020/03/26 12:0 a.m. · 17 views

openSUSE: Security Advisory for apache2-mod_auth_openidc (openSUSE-SU-2020:0376-1)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.1 CVSS · 6.6 AI score · 0.01565 EPSS
Exploits 0 · References 2
OPENSUSE Linux
added 2020/03/22 12:0 a.m. · 77 views

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2020:0365-1 Rating: important References: 1167090 Cross-References: CVE-2019-20503 CVE-2020-6422 CVE-2020-6424 CVE-2020-6425 CVE-2020-6426 CVE-2020-6427 CVE-2020-6428 CVE-2020-6429 CVE-2020-6449 Affected Products:...

8.8 CVSS · 8.5 AI score · 0.03498 EPSS
Exploits 7 · References 1
ThreatPost
added 2020/03/19 2:0 p.m. · 64 views

What is the Best Defense Against Phishing Attacks?

Whether the subject line was “You’re account will be closed!” or the email address was [email protected], we have all received and rolled our eyes at a poorly disguised phishing attempt. While many view phishing as a small annoyance, this attack method has maintained longevity for a reason and...

Exploits 0 · References 1
OSV
added 2020/03/16 1:15 p.m. · 1 views

CVE-2020-9519

HTTP methods revealed in Web services vulnerability in Micro Focus Service manager server, affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration data...

5.3 CVSS · 6 AI score · 0.00862 EPSS
Exploits 0 · References 1
NVD
added 2020/03/16 1:15 p.m. · 26 views

CVE-2020-9519

HTTP methods revealed in Web services vulnerability in Micro Focus Service manager server, affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration data...

5.3 CVSS · 5.2 AI score · 0.00862 EPSS
Exploits 0 · References 1